The cybersecurity market moves fast. For vendors, staying abreast of the latest trends and understanding the impact on their customers, clients, and prospects should inform how they message and market both products and services. Cybercrime continues to grow in volume and sophistication – but cyber vendors continue to launch impressive tech and services to keep pace. Some of the most advanced technology is being deployed by malicious actors who are better equipped than their targets. Their tactics are multiple and relentless: ransomware, exploiting supply chains, and leveraging unending vulnerabilities and zero-days, to name a few. At the same time, cybercriminals can find success by using the old standbys of social engineering, including phishing, baiting, and whaling, when users aren’t on their toes.
Consequently, security measures run the gamut – from simple cybersecurity awareness training programs that familiarize employees with common attack schemes to on-site security point solutions to fully integrated managed security operations options and AI/ML platforms. Companies of all sizes have a lot of options to protect themselves against growing threats.
Want to stay ahead of the cybercriminals and prepare for the changing cybersecurity landscape? Here are five trends that are likely to go beyond this year:
Gone are the days when hackers worked alone, poking around to find a vulnerability to exploit. Modern cybercrime is big business. Cybercriminals are collaborating with each other to organize successful attacks by specializing in different areas of expertise, as Kaspersky detailed in a report on the cybercriminal underground. Additionally, the dark web makes it possible for individual hackers or groups to buy off-the-shelf kits to go on their own malware or ransomware sprees. Efforts by government agencies and more stringent regulations and standards have thwarted some of the actions by state actors and others. But with potentially huge profits to be gained by cybercrime (estimated to be roughly $1.5 trillion annually), the incentives for criminals to collaborate with each other will continue. The question is whether cybersecurity teams in businesses, government, and other organizations can continue to advance their own effective countermeasures.
While it’s impossible to completely prevent cyberattacks, one proactive step that businesses can take is to update software when new versions become available. These updates often contain bug fixes and security updates to close gaps and fix coding issues that can be exploited by criminals. Veracode’s State of Software Security Report released in October 2020 found that more than three-quarters (75.2%) of applications have security flaws.
Supply chains of all sorts, including third-party services and software vendors, represent an effective entry point for cybercriminals. Software supply chains are a particular risk: If an attacker can infect a supplier with malware, they’ve potentially infected all the supplier’s customers. Third-party vulnerabilities are a prevalent issue in this era of digital transformation, as companies depend on the expertise and services of suppliers to compete in a marketplace increasingly driven by data and analysis. Already exhausted by trying to keep their own operations secure, some organizations struggle with how to make sure their suppliers are compliant with security measures, and are taking steps to ensure that certain security measures are in place as a requirement for doing business.
As a recent Harvard Business Review article suggests, even smaller organizations with limited resources need not feel helpless. Teaming up with others, being smart about necessary patching, and pushing patching requirements to vendors are three fundamental ways to respond, the authors said. Additionally, some organizations may want to consider security risk assessments to help determine if suppliers’ security measures meet their tolerance for risk.
The Internet of Things (IoT) offers a lot of benefits to modern business – with capabilities such as automation that can lower operations costs and increase productivity. But these devices, connected to your network, can also introduce risk – in the form of hidden vulnerabilities that can be used as a gateway into your systems. IoT providers are getting better about integrating security into the development life cycle of these devices to make them more secure. While patching is important for any software, overall network security best practices remain important for minimizing exposure through IoT devices.
When Europe launched the broad protections of the GDPR, international organizations were required to comply with regulations surrounding customers’ personal information and data privacy, and that ramped up further in subsequent years. While Congress is unlikely to grab the baton and add similar national protections for U.S. citizens, other efforts are underway to extend protections at the state level. A handful of states are expected to pass new legislation. California, Colorado, and Virginia have already done so, and we can expect this trend to continue. Vendors, too, are beginning to place a priority on protecting customer data. Notably, Apple introduced a feature in its operating system in 2021 to allow users to see what apps are tracking them. The implementation hasn’t been smooth sailing, but it’s a signal that consumers want transparency and protection and likely will reward those companies that offer it. Businesses should aim to prioritize data privacy in the near term (as with Apple, it’s also a brand differentiator), as well as amp up their data governance programs to pave the way.
Promises of sudden riches from Nigerian princes have been comic fodder for a decade or more, yet social engineering remains an effective tactic for cybercriminals. Playing on fear and intimidation in particular, the cybercriminals send fake overdue bills or phony letters from the CEO to gain access to personal data and credentials for accounts. Security Boulevard reported a whopping 270 percent increase in social engineering threats in 2021. In addition to emails, hackers are infiltrating texts, gaming, and mobile apps, as well as using legitimate platforms such as AWS and Azure to exfiltrate valuable information. While vendors are now offering tools to aid organizations that don’t want to rely on their end-users to ward off attacks, ultimately, it is still up to companies to make employees aware of common tactics. Often, this can be accomplished by providing employee cybersecurity training and prioritizing a strong cybersecurity culture at your organization. Unfortunately, skepticism and suspicion, not trust and openness, are the guiding attitudes in today’s business environment.
The cybersecurity market is changing rapidly, which can make it challenging to break through the noise for cybersecurity products and services alike. Our clients rely on us to be cybersecurity marketing experts – for content, targeting, programming, and more. Read our most popular cybersecurity blog, Cyber Security Marketing Ideas & Tips: Six Things to Do Differently for Sales Enablement for some ideas to help give your cybersecurity marketing plan a leg up.